cve/2024/CVE-2024-23666.md

### [CVE-2024-23666](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-23666)
![](https://img.shields.io/static/v1?label=Product&message=FortiAnalyzer&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=FortiManager&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=6.4.0%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=7.0.0%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=7.2.0%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=7.4.0%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=Improper%20access%20control&color=brightgreen)

### Description

A client-side enforcement of server-side security in Fortinet FortiAnalyzer-BigData 
at least version 7.4.0 and 7.2.0 through 7.2.6 and 7.0.1 through 7.0.6 and 6.4.5 through 6.4.7 and 6.2.5, FortiManager version 7.4.0 through 7.4.1 and 7.2.0 through 7.2.4 and 7.0.0 through 7.0.11 and 6.4.0 through 6.4.14, FortiAnalyzer version 7.4.0 through 7.4.1 and 7.2.0 through 7.2.4 and 7.0.0 through 7.0.11 and 6.4.0 through 6.4.14 allows attacker to improper access control via crafted requests.

### POC

#### Reference
No PoCs from references.

#### Github
- https://github.com/nomi-sec/PoC-in-GitHub
- https://github.com/plzheheplztrying/cve_monitor
- https://github.com/synacktiv/CVE-2023-42791_CVE-2024-23666
Update CVE sources 2025-09-29 16:08 2025-09-29 16:08:36 +00:00			`### [CVE-2024-23666](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-23666)`
			`![](https://img.shields.io/static/v1?label=Product&message=FortiAnalyzer&color=blue)`
			`![](https://img.shields.io/static/v1?label=Product&message=FortiManager&color=blue)`
Update CVE list 2025-09-29 21:09 2025-09-29 21:09:30 +02:00			`![](https://img.shields.io/static/v1?label=Version&message=6.4.0%20&color=brightgreen)`
			`![](https://img.shields.io/static/v1?label=Version&message=7.0.0%20&color=brightgreen)`
			`![](https://img.shields.io/static/v1?label=Version&message=7.2.0%20&color=brightgreen)`
			`![](https://img.shields.io/static/v1?label=Version&message=7.4.0%20&color=brightgreen)`
			`![](https://img.shields.io/static/v1?label=Vulnerability&message=Improper%20access%20control&color=brightgreen)`
Update CVE sources 2025-09-29 16:08 2025-09-29 16:08:36 +00:00
			`### Description`

			`A client-side enforcement of server-side security in Fortinet FortiAnalyzer-BigData at least version 7.4.0 and 7.2.0 through 7.2.6 and 7.0.1 through 7.0.6 and 6.4.5 through 6.4.7 and 6.2.5, FortiManager version 7.4.0 through 7.4.1 and 7.2.0 through 7.2.4 and 7.0.0 through 7.0.11 and 6.4.0 through 6.4.14, FortiAnalyzer version 7.4.0 through 7.4.1 and 7.2.0 through 7.2.4 and 7.0.0 through 7.0.11 and 6.4.0 through 6.4.14 allows attacker to improper access control via crafted requests.`

			`### POC`

			`#### Reference`
			`No PoCs from references.`

			`#### Github`
Update CVE list 2025-09-29 21:09 2025-09-29 21:09:30 +02:00			`- https://github.com/nomi-sec/PoC-in-GitHub`
Update CVE sources 2025-09-29 16:08 2025-09-29 16:08:36 +00:00			`- https://github.com/plzheheplztrying/cve_monitor`
			`- https://github.com/synacktiv/CVE-2023-42791_CVE-2024-23666`